Dive Brief:
- Higher education institutions won’t ever get to a point where they can stop worrying about protecting data, so the best strategy is to prepare for continual training and review.
- Campus Technology reports that there are clear behaviors to stay away from, including treating security as an IT problem exclusively and using the same training for everyone across the institution.
- Michigan Tech follows the TARR system — training, auditing, reviewing, and remediating based on a mandatory survey for every staff member at the university dealing with any kind of personal information.
Dive Insight:
Michigan Tech has been able to shift its focus to previously unconsidered high-risk behaviors using its survey. It has also tailored its training programs to be relevant to the actual activities of individual departments. Getting away from the one-size-fits-all approach is important for campuses that are home to a range of information sharing arrangements, often under circumstances that users don’t see as high-risk.